Analysis Overview
SHA256
f50ff41e503c8b504faa61db21e97a1525c97eb97fa2e88f835ce473017b4214
Threat Level: Known bad
The file Client-built.exe was found to be: Known bad.
Malicious Activity Summary
Quasar family
Quasar payload
Quasar RAT
Reads user/profile data of web browsers
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-27 18:45
Signatures
Quasar family
Quasar payload
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-27 18:45
Reported
2023-11-27 19:16
Platform
win10-20231020-en
Max time kernel
1797s
Max time network
1810s
Command Line
Signatures
Quasar RAT
Quasar payload
Reads user/profile data of web browsers
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Client-built.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client-built.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | vxc-63595.portmap.host | udp |
| DE | 193.161.193.99:63595 | vxc-63595.portmap.host | tcp |
| US | 8.8.8.8:53 | 99.193.161.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipwho.is | udp |
| DE | 195.201.57.90:443 | ipwho.is | tcp |
| US | 8.8.8.8:53 | 254.111.26.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.57.201.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.43.238.8.in-addr.arpa | udp |
Files